On Wed, Jun 26, 2013 at 12:12:54PM +0000, Ivailo Tanusheff wrote:
> I need all jails to use the 127.0.0.1 address, not different hosts in 127.0.0
> network.
man jail
====================================================
ip4.addr
A list of IPv4 addresses assigned to the prison. If this is set,
the jail is restricted to using only these addresses. Any
attempts to use other addresses fail, and attempts to use wild-
card addresses silently use the jailed address instead. For IPv4
the first address given will be kept used as the source address
in case source address selection on unbound sockets cannot find a
better match. It is only possible to start multiple jails with
the same IP address, if none of the jails has more than this sin-
gle overlapping IP address assigned to itself.
====================================================
All of my jail IPs are on lo0. In this jail, for nagios, they are :
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet y.y.33.6 netmask 0xffffffff
inet x.x.76.6 netmask 0xffffffff
But software running in the jail can access the jail via 127.0.0.1.
So, maybe you don't actually need 127.0.0.1 configured in each jail?
lambert@nagios1:~/src/tcw/nagios1.tcworks.net/etc> ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.103 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.057 ms
^C
--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.057/0.080/0.103/0.023 ms
lambert@nagios1:~/src/tcw/nagios1.tcworks.net/etc> ssh 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
Last login: Tue Jun 25 23:04:30 2013 from nagios1
FreeBSD 9.1-STABLE (GENERIC) #0 r246221M: Mon Feb 4 23:08:38 UTC 2013
Exit 1
lambert@nagios1:~> ifconfig -a
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
ether 00:04:23:xx:xx:xx
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
ether 00:04:23:xx:xx:xx
media: Ethernet autoselect
status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet y.y.33.6 netmask 0xffffffff
inet x.x.76.6 netmask 0xffffffff
lambert@nagios1:~>
> -----Original Message-----
> From: Lars Engels [mailto:lars.eng...@0x20.net]
> Sent: Wednesday, June 26, 2013 2:00 PM
> To: Ivailo Tanusheff
> Cc: wishmaster; freebsd-jail@freebsd.org
> Subject: Re: Re[2]: Loopback and jail.conf
>
> On Wed, Jun 26, 2013 at 07:47:25AM +0000, Ivailo Tanusheff wrote:
> > Mate, I do not need pf or ipfw :)
> > Maybe I did not describe it well, what I simply need is:
> >
> > Jail 1:
> > Interface em0: 192.168.0.1
> > Interface lo0: 127.0.0.1
> >
> > Jail 2:
> > Interface em0: 192.168.0.2
> > Interface lo0: 127.0.0.1
> >
> > Jail 3:
> > Interface em0: 192.168.0.3
> > Interface lo0: 127.0.0.1
> >
> > As you can see, there the same address for the loopback, which gives me an
> > error when I start the jail:
> > Jail 1 starts ok.
> > Then when I start Jail 2:
> > jail: jail2: IPv4 addresses clash
> >
> > What I use in jail.conf:
> >
> > Jail1: ip4.addr = 192.168.0.1 , 127.0.0.1;
> > Jail2: ip4.addr = 192.168.0.2 , 127.0.0.1;
>
> You can add aliases to lo0: 127.0.0.2, .3, .4, ...
>
>
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
--
Scott Lambert KC5MLE Unix SysAdmin
lamb...@lambertfam.org
How to be a "computer expert," http://www.xkcd.com/627/
_______________________________________________
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
